[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wish list

To: securedistros@nl.linux.org
Subject: Re: wish list
From: Crispin Cowan <crispin@cse.ogi.edu>
Date: Mon, 07 Jun 1999 23:45:21 -0700
Organization: Oregon Graduate Institute
References: <009701beb073$5699cc00$0400010a@mustang.guarded.net> <4.2.0.56.19990607101523.009609a0@purgatory.fdf.net>
Reply-To: securedistros@nl.linux.org
Sender: owner-securedistros@humbolt.nl.linux.org

Dustin Marquess wrote:

> At 06:38 AM 6/7/99 , you wrote:
> >hi at all!,
> >  Some interesting feature that i think are important:
> >
> >
> >- Compile distro with stackguard
>          StackGuard seems to provide a cover-up, at the cost of
> speed.  This speed is unnoticable in small programs, but when you get into
> large MySQL databases and such, it probably will be.

Whether its a cover-up or a defense against future bugs is entirely a
function of how actively you patch your system.  StackGuard was designed
primarily to provide a defense against unknown vulnerabilities.  It's just
convenient that it also allows you to be lazy about patching :-)

Regarding performance:  our measurements show exactly the opposite of your
conjecture.  StackGuard overhead on small programs is substantial, but is so
small that it is difficult to measure for large programs.  We benchmarked
StackGuard-protected Apache with the Webstone benchmark, and the performance
is a wash.

>          I am also a firm believer that the actually code should be
> fixed.  Fix the code and send a patch to the maintainer.  This way
> everybody reaps the benefits of having a secure program, and we don't have
> to deal with StackGuard.

So am I.  Were you aware that when you attempt to exploit a vulnerability
that StackGuard defends, it syslogs the system with the name of the program
AND THE FUNCTION that is being exploited?  StackGuard tries to help in
keeping your code patched by telling you what needs patching.

>          Now of course this doesn't help if a new bug is found.  I have
> been toying with the idea of using StackGuard on anything that is going to
> be suid root, just as an added layer of paranoia.

Exactly.  You also need to StackGuard anything that root is going to run as a
matter of course, and anything that root leaves running on an on-going basis,
and anything that binds to a network port and thus could be exploited by a
remote attacker.  We couldn't figure out what that set is, either :-) so we
just StackGuarded everything.

>          I've also been working on a bash script to detect stupid coding
> mistakes such as insecure strcpy()'s and such, and allow the user to let

There's also versions of libraries that bitch when you link to unsafe
functions like strcpy().

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW:  Protect Your Linux Host with StackGuard'd Programs  :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

              Microsoft:  Putting the "lame" in "layman"

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

References:
- Re: wish list
  - From: "Matt Caldwell" <falken@networkcarolina.com>
- Re: wish list
  - From: Dustin Marquess <jailbird@alcatraz.fdf.net>

Prev by Date: Re: ideal tripwire environment
Next by Date: Re: wish list
Prev by thread: Re: wish list
Next by thread: Re: wish list
Index(es):
- Date
- Thread